Author Topic: False Positive  (Read 1222 times)

0 Members and 1 Guest are viewing this topic.

Offline berndkusen

  • Newbie
  • *
  • Posts: 2
False Positive
« on: December 05, 2019, 05:23:32 PM »
Avast blocks our Website hxtps://ligier-microcar.de as phishing. I filled the false positive form and got a message from AVAST support: "Our virus specialists have now cleared its reputation in our database."
But the website ist still blocked.
There is no phishing and no malware. I have checked the website with many tools. No blacklisting, all clean.
Only AVSt claims that it is phishing.
« Last Edit: December 06, 2019, 10:53:42 AM by Milos »

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36730
Re: False Positive
« Reply #1 on: December 05, 2019, 06:21:44 PM »
have you tried a manaul avast update and reboot computer?



Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32620
  • malware fighter
Re: False Positive
« Reply #2 on: December 05, 2019, 11:29:00 PM »
A number of 3 engines detected this website half a year ago.
Now two are still flagging it: https://www.virustotal.com/gui/url/c87d9f3f4a893d841506a90bff9fdf68e358dadbebc3c570998614ce46afef92/detection
Vulnerabilities on the hoster of that IP: https://www.shodan.io/host/87.106.148.243
Probably flagged for Youtheme ico malcode: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=bFtnW3t9LW1bXn1dXnx9LiN7YA%3D%3D~enc  or just a Re-Captcha?
No detections here: https://sitecheck.sucuri.net/results/https/ligier-microcar.de
2 vulnerable libraries detected: https://retire.insecurity.today/#!/scan/5ff157b9cd9c6a174fbf3340141e996f290c16e44420c212b4ce2300fb8d7bc0

DOM-XSS issues: Results from scanning URL: -https://ligier-microcar.de/plugins/content/webrotate360/imagerotator/html/js/imagerotator.js
Number of sources found: 13
Number of sinks found: 32
&
Results from scanning URL: -https://ligier-microcar.de/plugins/content/webrotate360/imagerotator/html/js/imagerotator.js
Number of sources found: 65
Number of sinks found: 26

Read on JavaScript errors -https://forum.joomla.org/viewtopic.php?t=738791

Avast still flags a a PHISHING site. Wait for an avast team member to give a final verdict,
as they are the only ones to come and unblock or keep blocking it when with malcode.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
« Last Edit: December 05, 2019, 11:31:58 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32620
  • malware fighter
Re: False Positive
« Reply #3 on: December 06, 2019, 10:48:19 AM »
Dr Web scan gives the site the all green:
Quote
Checking: -https://ligier-microcar.de/plugins/system/googletagmanager/js/scroll-tracker.js
File size: 5248 bytes
File MD5: 8621ff319adcff159cce92c81b166aa4

-https://ligier-microcar.de/plugins/system/googletagmanager/js/scroll-tracker.js - Ok



Checking: -https://ligier-microcar.de/media/widgetkit/uikit2-de676c78.js
File size: 108.61 KB
File MD5: 75069e4c0ddbf4a1c2ac4c7ccb04250f

-https://ligier-microcar.de/media/widgetkit/uikit2-de676c78.js - archive MAIL
>-https://ligier-microcar.de/media/widgetkit/uikit2-de676c78.js/1.part - archive JS-HTML
>>-https://ligier-microcar.de/media/widgetkit/uikit2-de676c78.js/1.part/IFrame_1[30] - Ok
>>-https://ligier-microcar.de/media/widgetkit/uikit2-de676c78.js/1.part/IFrame_2[31] - Ok
>-https://ligier-microcar.de/media/widgetkit/uikit2-de676c78.js/1.part - Ok
-https://ligier-microcar.de/media/widgetkit/uikit2-de676c78.js - Ok



Checking: -https://ligier-microcar.de/media/widgetkit/wk-scripts-ec2654aa.js
File size: 16.38 KB
File MD5: 8fd8078bff2f9407f975a6c72e94fe4c

-https://ligier-microcar.de/media/widgetkit/wk-scripts-ec2654aa.js - archive JS-HTML
-https://ligier-microcar.de/media/widgetkit/wk-scripts-ec2654aa.js - Ok



Checking: -https://ligier-microcar.de/plugins/content/webrotate360/webrotate360.js
File size: 1263 bytes
File MD5: cb155efb127d41707c3695db921d4cc4

-https://ligier-microcar.de/plugins/content/webrotate360/webrotate360.js - archive JS-HTML
>-https://ligier-microcar.de/plugins/content/webrotate360/webrotate360.js/JSFile_1[0][4ef] - Ok
-https://ligier-microcar.de/plugins/content/webrotate360/webrotate360.js - Ok



Checking: -https://ligier-microcar.de/plugins/content/webrotate360/imagerotator/html/js/imagerotator.js
File size: 71.83 KB
File MD5: bd2e0f053ce06d1c3217cd7415a34c29

-https://ligier-microcar.de/plugins/content/webrotate360/imagerotator/html/js/imagerotator.js - archive JS-HTML
>-https://ligier-microcar.de/plugins/content/webrotate360/imagerotator/html/js/imagerotator.js/JSFile_1[0][11f57] - Ok
-https://ligier-microcar.de/plugins/content/webrotate360/imagerotator/html/js/imagerotator.js - Ok



Checking: -https://ligier-microcar.de/plugins/content/webrotate360/prettyphoto/js/jquery.prettyPhoto.js
File size: 36.03 KB
File MD5: 9bb122865bb9ec2f696149808c0f2ccf

-https://ligier-microcar.de/plugins/content/webrotate360/prettyphoto/js/jquery.prettyPhoto.js - archive JS-HTML
>-https://ligier-microcar.de/plugins/content/webrotate360/prettyphoto/js/jquery.prettyPhoto.js/IFrame_1[b3] - Ok
https://ligier-microcar.de/plugins/content/webrotate360/prettyphoto/js/jquery.prettyPhoto.js - Ok

Checking: -https://ligier-microcar.de
Engine version: 7.0.42.9300
Total virus-finding records: 8369054
File size: 42.22 KB
File MD5: 14fdcab7db4db24f8d738720b65fb125

-https://ligier-microcar.de - archive JS-HTML
>-https://ligier-microcar.de/JSTAG_1[5c][2a] - Ok
>-https://ligier-microcar.de/JSTAG_2[d5][14e] - Ok
>-https://ligier-microcar.de/JSTAG_3[b73][24d] - Ok
>-https://ligier-microcar.de/JSTAG_4[dd3][76] - Ok
>-https://ligier-microcar.de/JSTAG_5[e97][1e5] - Ok
>-https://ligier-microcar.de/IFrame_6[43] - Ok
-https://ligier-microcar.de - Ok

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline berndkusen

  • Newbie
  • *
  • Posts: 2
Re: False Positive
« Reply #4 on: December 06, 2019, 03:16:08 PM »
have you tried a manaul avast update and reboot computer?
::) I would simply delete Avast from my computer. That's not the problem.
But there are a lot of visitors on our website who get the message from avast that it is phishing.
Do you want to tell them all to update and restart their system?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 36730
Re: False Positive
« Reply #5 on: December 06, 2019, 03:46:40 PM »
have you tried a manaul avast update and reboot computer?
::) I would simply delete Avast from my computer. That's not the problem.
But there are a lot of visitors on our website who get the message from avast that it is phishing.
Do you want to tell them all to update and restart their system?
That was relatet to yesterday if the fix was just released when you posted this   "Our virus specialists have now cleared its reputation in our database."
If still problems contact avast again .... if you have any screenshot of avast block message post/attach it here







« Last Edit: December 06, 2019, 03:48:49 PM by Pondus »

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 32620
  • malware fighter
Re: False Positive
« Reply #6 on: December 06, 2019, 05:42:41 PM »
Hi Pondus,

Avast Online Security extension is still blocking as "This website is not secure:.This website is marked as a phising site.
Could have been cleared in the DB, cannot find it cleansed for Avast Online Security extension for Google Chrome etc.

polonus

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline jefferson sant

  • Starting Graphoman
  • *
  • Posts: 6829
  • volunteer
Re: False Positive
« Reply #7 on: December 07, 2019, 12:34:05 AM »
Avast blocks our Website hxtps://ligier-microcar.de as phishing. I filled the false positive form and got a message from AVAST support: "Our virus specialists have now cleared its reputation in our database."
But the website ist still blocked.
There is no phishing and no malware. I have checked the website with many tools. No blacklisting, all clean.
Only AVSt claims that it is phishing.

Detection was removed by AVG in 06.12.2019 at 10:33 AM

Quote from: AVG
The detection by AVG was incorrect and was removed in a recent AVG update, please wait at least 24 hours.

Not being blocked Avast anymore.
« Last Edit: December 07, 2019, 12:42:19 AM by jefferson sant »